Everybody makes mistakes when writing comparison functions

Andrey Karpov
2 min readSep 9, 2021

Recently the OpenSSL 3.0.0 library was released. We decided to look at the project’s code quality and checked it with the PVS-Studio static analyzer. The code quality is excellent. Thus, we cannot write a long article about errors, as we usually do. However, there was one beautiful mistake, and I couldn’t ignore it.

No one knows how to write comparison functions. I even wrote an article about it: “The Evil within the comparison functions”. And here’s a beautiful confirmation in the OpenSSL code :).

static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b){  return
ossl_ffc_params_cmp(&a->pkey.dh->params, &a->pkey.dh->params,
a->ameth != &ossl_dhx_asn1_meth);

PVS-Studio warns: “V751 Parameter ‘b’ is not used inside function body. dh_ameth.c 312”. The analyzer detected a suspicious function where one of the parameters is never used while another parameter is used several times. It may indicate an error in the code.

The a pointer points to an object that is compared to itself. The b pointer is not used.

That’s all. Be careful and vigilant!

Note. It makes little sense to use the analyzer once. Usually, you won’t find anything interesting in code. Th analyzer must be used regularly, checking new and low-level code. If you want to read about it in more details, here’s an article: “Errors that static code analysis does not find because it is not used”. If you are just getting acquainted with the methodology of static code analysis, I highly recommend you to read it.

Thank you for your time. Come and try PVS-Studio for your projects.



Andrey Karpov

Co-founder of the PVS-Studio project. Microsoft MVP in the ‘Developer Technologies’ nomination and PhD in Physics and Mathematics.